Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Samba 4.5 tip[solved]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
jserink
l33t
l33t


Joined: 30 Jan 2004
Posts: 930

PostPosted: Mon Jun 12, 2017 11:59 am    Post subject: Samba 4.5 tip[solved] Reply with quote

Hi All:

Have spent the last 6 hours trying to get samba to work again with my windows7 VM.
On June 5 I upgraded samba to 4.5-10 from 4.2-14...I never restarted the samba daemons so my laptop sat at work for 5 days until I shut it down friday.

Booted up today at home to start on a compliance table for a tender and Windows7 can't connect to samba.....WTF?
From a bash console smbclient works fine.....I haven't changed anything. Ok, so try and downgrade back to 4.2-14....
Now that version crashes, it won't startup at all. Bugger. back to 4.5-10.

Google-fu.....found it in man smb.conf:
[ ntlm auth (G)

This parameter determines whether or not smbd(8) will attempt to authenticate users using the NTLM
encrypted password response. If disabled, either the lanman password hash or an NTLMv2 response will need
to be sent by the client.

If this option, and lanman auth are both disabled, then only NTLMv2 logins will be permited. Not all
clients support NTLMv2, and most will require special configuration to use it.

The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.

The default changed from "yes" to "no" with Samba 4.5.

Default: ntlm auth = no
]

Notice the second last line....I had no "ntlm auth" statement in my smb.conf as the default YES was fine....until the default changed.
So now I have it in there.

6 hours.

Samba guys, surely there's a better way? A list of defaults that have changed AT THE BEGINNING of the release notes for each version perhaps?
Maybe its already there somewhere but samba is such a mammoth package, one gets lost easily.

A tip to save you time.

Cheers,
John
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 2883
Location: Illinois, USA

PostPosted: Mon Jun 12, 2017 1:50 pm    Post subject: Reply with quote

Had much the same problems. Solved mine by changing

Code:
name resolve order = hosts wins bcast lmhosts
to
Code:
name resolve order = bcast


Read a bunch of stuff online about wins. Still don't understand it or whether I want it or not.
Back to top
View user's profile Send private message
gordonb3
Apprentice
Apprentice


Joined: 01 Jul 2015
Posts: 185

PostPosted: Wed Jun 14, 2017 10:39 am    Post subject: Reply with quote

Thank you very much. Could not figure out what happened. Windows 7 and up did not experience any issues, but I have a flatbed scanner attached to an XP VM and that one could no longer connect to the image folder. `ntlm auth = yes` allowed the XP machine back in.
Back to top
View user's profile Send private message
Fitzcarraldo
Veteran
Veteran


Joined: 30 Aug 2008
Posts: 1631
Location: United Kingdom

PostPosted: Wed Jun 14, 2017 11:26 pm    Post subject: Reply with quote

Tony0945 wrote:
Had much the same problems. Solved mine by changing

Code:
name resolve order = hosts wins bcast lmhosts
to
Code:
name resolve order = bcast


Read a bunch of stuff online about wins. Still don't understand it or whether I want it or not.

If you are using a Windows Workgroup on a typical home network, WINS is not necessary. Broadcast NetBIOS name resolution works fine for a typical home network. That's how all the Windows and non-Windows machines are set up on my home network: A correct method of configuring Samba for browsing SMB shares in a home network.
_________________
Clevo W230SS: amd64 OpenRC elogind nvidia-drivers & xf86-video-intel.
Compal NBLB2: ~amd64 OpenRC elogind xf86-video-ati. Dual boot Win 7 Pro 64-bit.
KDE on both.

Fitzcarraldo's blog
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 2883
Location: Illinois, USA

PostPosted: Thu Jun 15, 2017 1:47 am    Post subject: Reply with quote

Thank You, FitzCarraldo for that very informative blog post! It is much clearer than the Windows stuff that I have been reading. My network consists of one XP machine, one Win 7 machine and two Gentoo machines. Most (but not all) traffic is transferring files between the two Windows machines and the central Linux server. The Win 7 machine is recent and I was dismayed by that homegroup setup. When I couldn't connect from either XP or Gentoo, I installed a business group (or whatever they call it) and was able to connect. You would think that at least Windows could easily connect to Windows, wouldn't you?
Back to top
View user's profile Send private message
Fitzcarraldo
Veteran
Veteran


Joined: 30 Aug 2008
Posts: 1631
Location: United Kingdom

PostPosted: Thu Jun 15, 2017 2:50 am    Post subject: Reply with quote

Tony0945 wrote:
Thank You, FitzCarraldo for that very informative blog post! It is much clearer than the Windows stuff that I have been reading. My network consists of one XP machine, one Win 7 machine and two Gentoo machines. Most (but not all) traffic is transferring files between the two Windows machines and the central Linux server. The Win 7 machine is recent and I was dismayed by that homegroup setup. When I couldn't connect from either XP or Gentoo, I installed a business group (or whatever they call it) and was able to connect. You would think that at least Windows could easily connect to Windows, wouldn't you?

I'm glad you found it helpful. Windows networking is awful!
_________________
Clevo W230SS: amd64 OpenRC elogind nvidia-drivers & xf86-video-intel.
Compal NBLB2: ~amd64 OpenRC elogind xf86-video-ati. Dual boot Win 7 Pro 64-bit.
KDE on both.

Fitzcarraldo's blog
Back to top
View user's profile Send private message
gordonb3
Apprentice
Apprentice


Joined: 01 Jul 2015
Posts: 185

PostPosted: Thu Jun 15, 2017 10:12 am    Post subject: Reply with quote

Hmmm. Windows networking is pretty straight forward. They just did this weird thing with network auto discovery (copied from Mac obviously) and making the machines exchange (security) information on their own. Workgroup or Homegroup doesn't really do anything. It's mostly a placeholder that is apparently required by the security system. A domain grants the server control over the member machines' security which is kind of cool from an administrator's point of view. Microsoft sort if f'd it up though starting with Vista and the server now essentially only acts as a password server. For which far better systems exist than this weird sub-security layer.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum